Digital Security: Understanding Ransomware

The word ransom was linked to the kidnapping 10 years back mainly for the purpose of gaining the big chunk of money. But today the equations have changed as it is not limited to the human being. Even with the computers early years, the common destructive approach is virus infection destroying important data and information.

Personal data and information are very important and valuable piece of information and moving toward digital technologies we are becoming more dependent on this information. This can contain pictures, videos, banking/financial information, passwords, certificates and much more. Nowadays cyber criminals have come up with the new approach of ransomware tools which people downloads and unknowingly executes results in encrypting all personal information. Most of the times these files looks like some important update files, pdf documents and sometimes just simple HTML page and Windows machines are most popular targets for these ransomware tools. We have almost 90% of these built for only windows environments.

Ransomware tools mainly come in 2 categories:

Nondestructive: – this ransomware does not destroy or encrypt your personal information, but creates an impression that your personal information is affected with the virus and needs advance cleanup. Most of the times this is achieved with popups/big screensavers telling end user to contact some number and then requesting remote access or money for data cleanup. One the example of such message is shown below.

Destructive: – these are the once which are dangerous and can encrypt all data present on your machines in seconds of execution. Most of the times after execution of such files gives immediate error creating an impression that nothing has happened. But within seconds after that we get the message on the screen telling all your personal information is now encrypted and the only way to recover this information is by paying portions of bitcoins which is equivalent to 100/300 dollars. And yes this message comes with the deadline clock which ranges from 1 to 4 days. One of such example is shown below. Most of such ransomware are still not having any decryption solution unless paying money to the owner of ransomware.

How can we save our information from Ransomware then ?

Always keep one or multiple backups of your critical personal information, pictures and other files.

Do not open any emails or attachments which you are not expected to receive. Free lottery/iPhone emails are 100% hoax. None of the company is that rich to give away his money or gadgets for free. So if we receive any emails with attachments that we are not expecting, just better to delete them.

Always update anti-virus software. Still most of the antivirus unable to give 100% protection against all ransomware, so better not to run any unknown attachment on the computer.

Finally – if we still left with some curiosity to find what is inside in the attachment/document we downloaded/received. First open https://www.virustotal.com/ website. This will show below the screen. You can upload your file to this website first and scan to find ransomware score. This website runs your file against most of the antivirus software available and provides you ransomware score.

If results showing all green then that file is safe to execute. If we get at least one hit from any antivirus then better not to run that file.

In summary, it’s individual’s responsibility to protect his/her personal information. Always take backup, strong passwords and never open any unknown file on your machine which could leave you in regret afterward.